Third, A controller or processor not proven from the EU are going to be topic into the GDPR if it processes the private data of information topics while in the EU and that processing is related to the “checking” while in the EU of your “actions” of data topics as https://directmysocial.com/story2200558/cyber-security-services-in-usa